MPC8377EWLAN Wireless Router Software User’s Guide Document Number: MPC8377EWLANSUG Rev 1.1.
How to Reach Us: Home Page: www.freescale.com Web Support: http://www.freescale.com/support USA/Europe or Locations Not Listed: Freescale Semiconductor, Inc. Technical Information Center, EL516 2100 East Elliot Road Tempe, Arizona 85284 1-800-521-6274 or +1-480-768-2130 www.freescale.
Contents

About This Book
Audience
Definitions, Acronyms, and Abbreviations
1 Package Contents

Selecting or Changing System Items
4.1 Settings
4.2 Password
4.3 SNMP

7.3.2 Create RAID1
7.3.3 Format RAID
7.3.4 Recovery
7.3.5 Mount
About This Book
This manual provides information about the MPC8377EWLAN wireless router software. It contains information on how to connect and configure the MPC8377EWLAN wireless router.

Audience
The audience for this software manual is the user who wants to become familiar with the MPC8377EWLAN wireless router and who is trying to connect and configure it. It is assumed that the user has basic computer and Internet skills.
VPN    Virtual Private Network
WAN    Wide Area Network
WDS    Wireless Distribution System
WEP    Wired Equivalent Privacy
WPA    Wi-Fi Protected Access
WWAN   Wireless-Wide-Area-Network
1 Package Contents The package should contain all the items listed in Table 1-1. MPC8377EWLAN is a secure wireless router, one-application build in the Reference Design Solution platform enabled by near-market ready, with BOM-optimized hardware and open-source software support.
Figure 2-2. Option Example Selection—Network

2.3 Saving and Applying Changes to Settings
When you change a setting, scroll to the bottom of the webpage to see Save Changes and Apply Changes options. Click Save Changes and then Apply Changes to establish your new settings (Figure 2-3). Other options you can select are reviewing and cancelling the changes.

NOTE
Figures might or might not show the save/apply option. For each page you change, scroll to the bottom and select change option(s) as applicable.
a configuration terminal. Verify the TCP/IP settings. Normally, the TCP/IP setting should be on the IP subnet of the MPC8377EWLAN wireless router.

NOTE
Before you start, you should use a wired connection for initial configuration, which avoids possible setup problems due to wireless uncertainty.

3.1 Connecting the MPC8377EWLAN Wireless Router (Wired Computing)
This section explains the wiring setup for the computer connected to the Internet.
3.1.2 Using the Power over Ethernet (POE)
There must be at least three RJ-45 cables in the MPC8377EWLAN wireless router wiring connection while using POE. Table 3-2 lists the cable connections, and Figure 3-2 depicts them.

Table 3-2. Cable Connections, Power Over Ethernet
Cable #   From               To
1         Router, WAN port   POE, PWR-LAN-OUT
2         Router, LAN port   Your computer, Ethernet
3         POE, LAN-IN        ADSL or computer modem, Ethernet

Figure 3-2. Cable Connection Layout, Power Over Ethernet

3.
Figure 3-3. My Network Places > Properties

2. In the Network Connections window, select one of the following options:
   ⎯ If you are using a wired connection, right-click Local Area Connection > Properties (Figure 3-4).

Figure 3-4. Network Connections, Wired

   ⎯ If you are using a wireless connection, right-click Wireless Network Connection > Properties (Figure 3-5).
Figure 3-5. Network Connections, Wireless

3. For wired connection, the following steps apply:
   a. In the Local Area Connection Properties window > General tab, scroll down to Internet Protocol (TCP/IP) (Figure 3-6), then double-click it to open the Internet Protocol (TCP/IP) Properties window (Figure 3-7).

Figure 3-6. Local Area Connection Properties

   b. In the General tab (Figure 3-7), perform the following steps:
      1.) Click Obtain an IP address automatically.
      2.) Click DNS address automatically.
      3.) Click OK to close the Internet Protocol (TCP/IP) Properties window and return to the Local Area Connection Properties window.

Figure 3-7. Setting Up the IP Address Automatically

   c. At the Local Area Connection Properties window, click OK to close it.
4. For wireless connection, perform steps similar to those in step 3 for the wired connection. (The window titles are different.)

3.3.
Figure 3-8. Setting Up the IP Address Manually

3.4 Configuring the MPC8377EWLAN Wireless Router
This section explains how to configure your router. The steps consist of opening a browser, going to a website, logging in, and then configuring the router for user equipment.

3.4.1 Logging In to the Router Home Page
Perform the following steps to log in to the router home page:
1. Open an Internet browser.
2. Type http://192.168.1.1 in the address bar, then press Enter or click the go-to link (Figure 3-9).
Figure 3-10. Login

The MPC8377EWLAN wireless router home page appears (Figure 3-11), with default page Info > System. (For information about the interface, refer to Section 2 titled Introduction to the Interface.)

Figure 3-11. MPC8377EWLAN Wireless Router Home Page

3.4.2 Setting up the Network
The MPC8377EWLAN wireless router supports six types of ISP services—static IP address, PPPOE, PPTP, DHCP, PPPOA, and WWAN.
3.4.2.1 Cable User (Static IP)
If you are receiving services from cable or other ISP assigning IP address automatically, select one of the following (Figure 3-12), for which you can type the static IP address:
• LAN Configuration > Connection Type > Static IP
• WAN Configuration > Connection Type > Static IP

Figure 3-12. Network Setup—Static IP Address (LAN or WAN)

Options include the following:
• LAN DNS Servers (field and Add button).
3.4.2.2 DHCP User
If you are a DHCP service user, select one of the following (Figure 3-13):
• LAN Configuration > Connection Type > DHCP
• WAN Configuration > Connection Type > DHCP

Figure 3-13. Network Setup—DHCP (LAN or WAN)

Options include the following:
• Remove Network LAN, which removes selection options for LAN Configuration.
• Remove Network WAN, which removes selection options for WAN Configuration.
• Add Network (field and Add Network button).
Figure 3-14. Network Setup—PPPOE (LAN or WAN)

Options include the following:
• Remove Network LAN, which removes selection options for LAN Configuration.
• Remove Network WAN, which removes selection options for WAN Configuration.
• Add Network (field and Add Network button).
Also, for any WAN server IP shown (if existing), there is a Remove link option.

3.4.2.
Figure 3-15. Network Setup—PPPOE (LAN or WAN)

Options include the following:
• Remove Network LAN, which removes selection options for LAN Configuration.
• Remove Network WAN, which removes selection options for WAN Configuration.
• Add Network (field and Add Network button).
Also, for any WAN server IP shown (if existing), there is a Remove link option.

3.4.2.
Figure 3-16. Network Setup—PPTP (LAN or WAN)

Options include the following:
• Remove Network LAN, which removes selection options for LAN Configuration.
• Remove Network WAN, which removes selection options for WAN Configuration.
• Add Network (field and Add Network button).
Also, for any WAN server IP shown (if existing), there is a Remove link option.

3.4.2.
• LAN Configuration > Connection Type > WWAN
• WAN Configuration > Connection Type > WWAN

Figure 3-17. Network Setup—WWAN (LAN or WAN)

After selecting LAN or WAN configuration, also select the secondary Connection Type (UMTS first, UMTS only, GPRS only) from the drop-down list. Make other selections and fill other fields as appropriate.

Options include the following:
• Remove Network LAN, which removes selection options for LAN Configuration.
3.4.2.7 Wireless User
The MPC8377EWLAN wireless router supports 802.11b/g/n; you can choose the criteria that are suitable for your wireless connection. The router supports two wireless cards at the same time. The configuration steps for both wireless cards are the same. After configuring the first card, you can perform the same steps for the second card. After setting the connection type in the Network Configuration tab page, set up your wireless interface.
• WPA (PSK), WPA2 (PSK), WPA+WPA2 (PSK). WPA is the abbreviation for Wi-Fi Protected Access. PSK is the abbreviation for Pre-Shared Key.
• WPA (RADIUS), WPA2 (RADIUS), WPA/WPA2 (RADIUS). RADIUS is the abbreviation for Remote Authentication Dial-In User Service.

NOTE
In this section, a pair of break lines in a figure indicates a gap between the top of a screen page and the information of interest farther down.

3.4.2.8.
WPA+WPA2 (PSK) from the dropdown menu and type the key in the WPA PSK field. Figure 3-20 shows example settings for WPA (PSK).

Figure 3-20. Wireless Encryption Setting—WPA-(PSK), RA0 Section Shown

3.4.2.8.3 WPA (RADIUS) Encryption
If your network uses a Remote Authentication Dial-in User Service (RADIUS) server for authentication, select WPA (RADIUS) or WPA2 (RADIUS) or WPA+WPA2 (RADIUS) from the drop-down menu.
Figure 3-21. Wireless Encryption Setting—WPA-(RADIUS), RA0 Section Shown

3.4.2.9 MAC (Media Access Control) Filter
MAC filtering is a security access control method in which the 48-bit address assigned to each network card is used to determine access to the network. At the MAC Filter drop-down list, you can control which PCs are permitted or denied communication with the access point depending on their MAC address. See section 5.3 Interfaces for the addresses that apply to your unit.
3.5.1 Configuring for Access Point (AP) Mode
The Access Point mode is the most basic of multi-function modes. It acts as a central hub as depicted in Figure 3-23.

Figure 3-23. Access Point Mode

Configure as shown in Figure 3-24.

Figure 3-24.

3.5.2 Configuring for WDS (Bridge)
In Wireless Distribution System (WDS) mode, remote access points connect to each other to provide a wireless bridge between LANs. See Figure 3-25 for depiction.

Figure 3-25. WDS Layout

1. Perform the following steps in the Wireless Configuration page (Figure 3-26) for both routers. (Navigation: Network > Wireless, if necessary.)
   a. From the Channel drop-down list, set the two MPC8377EWLAN wireless routers to the same channel.
   b.

Figure 3-26. Setting the Same Channel, RA0 Section Shown

2. Click DHCP (Dynamic Host Configuration Protocol) to enter the DHCP configuration page, then at the DHCP (server) option, click Off (Figure 3-27).

Figure 3-27. DHCP

3.5.3 Configuring for Repeater Mode
A repeater’s function is to extend the wireless coverage of another wireless access point or router. For a repeater to work, the remote wireless access point router must also support the WDS/Repeater function. See Figure 3-28 for depiction.

Figure 3-28. Repeater Mode

Perform the following steps in the Wireless Configuration page (Figure 3-29). (Navigation: Network > Wireless, if necessary.)
1. From the Channel drop-down list, select a channel to match the other EWLAN channel. (The channel setting must be the same for both EWLANs.)
2. From the Mode drop-down list, select Repeater.
3. In the SSID field, type the AP’s SSID.
4. In the WDS [n] BSSID fields, type the other WDS AP’s BSSIDs. (Format: xx:xx:xx:xx:xx:xx)
5.

Figure 3-29. Repeater Mode Configuration, RA0 Section Shown

3.5.4 Configuring for AP Client Mode
An AP-Client can extend the wireless coverage of another wireless AP or router. However, AP-Client does not require the remote device to have WDS function. It can work with almost any wireless device. See Figure 3-30 for depiction.

Figure 3-30. AP Client Mode

Perform the following steps in the Wireless Configuration page (Figure 3-31). (Navigation: Network > Wireless, if necessary.)
1.
2. In the SSID field, type the SSID of the AP client unit.
3. From the Encryption Type drop-down list, select the Encryption Type of the AP client unit.
4. In the AP’s SSID field, type the AP’s SSID field of the AP client unit.
5. In the AP’s BSSID 335 field, type the AP’s BSSID (MAC address) field of the client unit.
6. From the AP’s Auth Mode drop-down list, select the AP’s Auth Mode of the AP client unit.

Figure 3-31.
Figure 3-32. AP Client Mode Layout

3.6 Selecting DynDNS Settings
Dynamic-DNS (Dynamic Domain Name System, also known as DDNS) allows a user to export a host name to the Internet through a DDNS service provider. Each time the MPC8377EWLAN wireless router connects to the Internet and gets an IP address from the ISP, this function automatically updates your IP address with the DDNS service provider. Any user on the Internet can access it through a predefined name registered with the DDNS service provider.
3.7 Firewalls
A firewall prevents unauthorized access to or from a private network. You can configure the MPC8377EWLAN as a firewall to prevent unauthorized Internet users from accessing your private networks connected to the Internet. Click Network > Firewall to open the Firewall configuration page (Figure 3-34).

Figure 3-34. Firewall Configuration

3.7.1 Forwarding Configuration
The forwarding configuration should be set when the packet traffic function is in effect between Ethernet ports.
3.7.2 Incoming Ports
The Incoming Port screen allows you to customize incoming ports (Figure 3-35). Set the incoming ports configuration when a client on the board uses TCP (or another protocol) port XXX, so that incoming packet data on port XXX is allowed.

Figure 3-35 Incoming Ports

Table 3-3 describes each of the Incoming Ports options.

Table 3-3 Incoming Ports
Options   Description
Name      Enter the name of the port.
Table 3-4 Port Forwarding
Options          Description
Name             Enter the name of the port.
Protocol         Select the protocol used for this application from the drop-down list. You can select TCP, UDP or Both as a protocol.
Source IP        Enter the source IP.
Destination IP   Enter the destination IP.
To IP Address    Enter the IP address.
Port             Enter the port address.
Remove Rule      Click this link to remove the rule.

Click Save Changes to apply your changes.
Figure 4-2. System Settings

4.2 Password
Click Password. Figure 4-3 depicts the System > Password window. Type the new login password in both the New Password and Confirm Password fields. This is the password used for logging into the web configuration page.

Figure 4-3. Password

4.3 SNMP
The Simple Network Management Protocol (SNMP) is a widely used protocol for monitoring the health and welfare of network equipment (for example, routers), computer equipment, and even devices like UPS.
Click SNMP. Figure 4-34 depicts the System > SNMP window. Configure the Simple Network Management Protocol settings. You can use management software to read or write information from or to the device.

Figure 4-4 SNMP Settings

Table 4-1 describes each of the SNMP setting options in detail.

Table 4-1 SNMP Settings
Options   Description
SNMP Public Community Name SNMP Public Source It identifies a group of devices and management systems that can read the configuration information of the system by SNMP “Get” commands.
device at this port.

4.4 Firmware Upgrade
Click Upgrade. Figure 4-5 depicts the System > Firmware Upgrade window. Click Browse to locate the new firmware, then click Upgrade to change the firmware.

NOTE
Upgrading firmware may take a few minutes. Do not turn off the power or invoke any resets (such as pressing the reset button).

Figure 4-5. Firmware Upgrade

Click Save Changes, if certain. (There are also the following options: Apply Changes, Clear Changes, Review Changes.)

4.5 Reboot
Click Reboot.
5.1 System
This section describes the status of the device (Figure 5-2).

Figure 5-2 Device Status

5.1.1 RAM Usage
This section displays the current RAM usage. It also shows the total available RAM and the percentage of RAM used (Figure 5-2).

5.1.2 Tracked Connections
This section displays the number of connections in your router's conntrack table (Figure 5-2). You can click the View Conntrack Table link to jump to the Conntrack Table page.

5.1.
5.2 Modules
Click Modules. Figure 5-3 displays information about kernel modules. It displays all the loaded modules and provides information about module name, size, count, state, address, and used by.

Figure 5-3 Kernel Modules

5.3 Interfaces
Click Interfaces. Figure 5-4 depicts the Status > Interfaces window and various interface settings.
Figure 5-4. Reboot

Table 5-1 describes each section of the Interfaces page.

Table 5-1 Interfaces
Option       Description
WAN          WAN stands for Wide Area Network and is usually the upstream connection to the internet.
DNS Server   It displays the DNS server details.
LOOPBACK     A loopback interface is a type of 'circuit less IP address' or 'virtual IP' address, as the IP address is not associated with any one particular interface (or circuit) on the host or router.
Click the Show raw statistics button to view the Raw Information page at the bottom of the page (Figure 5-5).

Figure 5-5 Raw Information

5.4 DHCP Clients
Click DHCP Clients. Figure 5-6 displays the DHCP leases.
DHCP leases are assigned to network clients that request an IP address from the DHCP server of the router. Clients that requested their IP lease before this router was rebooted may not be listed until they request a renewal of their lease.

5.5 Netstat
Click Netstat. Figure 5-7 displays detailed information about Ethernet/Wireless physical connections, the routing table, router listening ports, and connections to the router.

Figure 5-7 Netstat

5.6 Conntrack
Click Conntrack.
Figure 5-8 Conntrack

1. Insert a string to include or exclude in the Text to Filter text box. You can also type the regular expression constants like: 00:[[:digit:]]{2}:[[:digit:]]{2} or debug|.err
2. From the Filter Mode drop-down list, select Include or Exclude option.
3. Click Remove Filter button to remove the filter option that you have selected.
4. Click Filter Records button to filter the records.

5.7 Iptables
Click Iptables. Figure 5-9 displays iptables status.
Figure 5-9 Iptables

5.8 USB
Click USB. Figure 5-10 displays the information about all the connected devices (excluding system hubs) and mounted USB/SCSI devices.

Figure 5-10 USB

Warning! You must unmount (umount) the device before unplugging it.

5.9 PPPoE
Click PPPoE. Figure 5-11 displays the PPPoE status.

Figure 5-11 PPPoE

5.10 Diagnostics
Click Diagnostics. Figure 5-12 displays the network utilities options to ping and trace route.
Figure 5-12 Diagnostics

6 VPN
Virtual Private Network (VPN) is a security measure that creates a secure connection between two remote locations. There are two basic ways to create a VPN connection:
• VPN Router to VPN Router
• Computer (using VPN client software) to VPN Router

VPN Router to VPN Router: For example, at home, a telecommuter uses his VPN router to connect to the Internet. He configures his router with office VPN settings.
Figure 6-1. VPN > IPSec page

6.1 IPSec
The VPN Router can create one or multiple tunnels (or secure channels), each connecting two endpoints, so that the data or information transmitted between these endpoints is secure. Virtual Private Network (VPN) is a security measure that creates a secure connection between two remote locations. Configure these settings so the Gateway will create VPN tunnels. Click VPN > IPSec to open the IPSec page (Figure 6-1).
Local IP                       Enter the Local IP address.
Local Mask                     Enter the mask to determine the IP addresses on the local network.
Peer IP                        Enter the peer IP address of the tunnel.
Remote Security Gateway Type   Select IP only or IP + domain from the Remote Security Gateway Type drop-down list. If you select IP Only, only the specific IP address will be able to access the tunnel.
Destination IP                 Enter the destination IP address.
Figure 6-2 IKE with Preshared Key

Table 6-1 describes the IKE with preshared key options for phase 1 and phase 2.

Table 6-1 Phase 1 and Phase 2
Function         Description
Phase 1
Encryption       The encryption method determines the length of the key used to encrypt or decrypt the ESP packets. It supports 3DES. Notice that both sides of the VPN tunnel must use the same Encryption method.
Authentication   Authentication determines a method to authenticate the ESP packets. You can select MD5 or SHA1.
supports 3DES. Notice that both sides of the VPN tunnel must use the same encryption method.
Authentication   Authentication determines a method to authenticate the ESP packets. You can select MD5 or SHA1. Both sides of the VPN tunnel must use the same authentication method.
Group            This is for Diffie-Hellman key negotiation. There are 3 groups available for ISAKMP SA establishment: 768-bit, 1024-bit, and 1536-bit. They represent the different bit lengths used in the Diffie-Hellman operation. The 768-bit group is not supported.
Table 6-2 Manual Keying Mode
Function                           Description
Inbound/Outbound SPI               The SPI (Security Parameter Index) is carried in the ESP header. Its range is 256-65535. Each tunnel must have a unique Inbound SPI and Outbound SPI. Notice that the Inbound SPI must match the other router's Outbound SPI.
Inbound/Outbound Encryption Type   The encryption method determines the length of the key used to encrypt or decrypt ESP packets. It supports 3DES.
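The matching rules in Tables 6-1 and 6-2, written as a check you can run on both routers' planned settings before entering them (an added example, not code from this guide or from the router firmware). The Proposal and ManualTunnel records, the function names, and the sample values are hypothetical; the example assumes phase 2 carries the same three settings as phase 1 and that tunnels are paired by name.

```python
from collections import Counter
from dataclasses import dataclass

# Limits taken from Tables 6-1 and 6-2 of this guide.
SUPPORTED_ENCRYPTION = {"3DES"}
SUPPORTED_AUTH = {"MD5", "SHA1"}
SUPPORTED_DH_BITS = {1024, 1536}   # 768-bit is listed but not supported
SPI_MIN, SPI_MAX = 256, 65535


@dataclass(frozen=True)
class Proposal:
    """Hypothetical record of one router's settings for one IKE phase."""
    encryption: str
    authentication: str
    dh_bits: int


@dataclass(frozen=True)
class ManualTunnel:
    """Hypothetical record of one manual-keying tunnel on one router."""
    name: str
    inbound_spi: int
    outbound_spi: int
    encryption: str = "3DES"


def check_proposal(owner, phase, p):
    """Check one proposal against the values the router supports."""
    problems = []
    if p.encryption not in SUPPORTED_ENCRYPTION:
        problems.append(f"{owner} {phase}: unsupported encryption {p.encryption}")
    if p.authentication not in SUPPORTED_AUTH:
        problems.append(f"{owner} {phase}: unsupported authentication {p.authentication}")
    if p.dh_bits not in SUPPORTED_DH_BITS:
        problems.append(f"{owner} {phase}: unsupported {p.dh_bits}-bit DH group")
    return problems


def check_ike_pair(local, remote):
    """local/remote map 'phase1' and 'phase2' to a Proposal; both must agree."""
    problems = []
    for phase in ("phase1", "phase2"):
        a, b = local[phase], remote[phase]
        problems += check_proposal("local", phase, a)
        problems += check_proposal("remote", phase, b)
        for field in ("encryption", "authentication", "dh_bits"):
            if getattr(a, field) != getattr(b, field):
                problems.append(f"{phase}: {field} differs "
                                f"(local={getattr(a, field)}, remote={getattr(b, field)})")
    return problems


def check_manual_keying(local, remote):
    """local/remote are lists of ManualTunnel, paired by tunnel name."""
    problems = []
    for side, tunnels in (("local", local), ("remote", remote)):
        for direction in ("inbound_spi", "outbound_spi"):
            counts = Counter(getattr(t, direction) for t in tunnels)
            for t in tunnels:
                spi = getattr(t, direction)
                if not SPI_MIN <= spi <= SPI_MAX:
                    problems.append(f"{side} {t.name}: {direction} {spi} out of range")
                if counts[spi] > 1:
                    problems.append(f"{side} {t.name}: {direction} {spi} not unique")
    peers = {t.name: t for t in remote}
    for t in local:
        peer = peers.get(t.name)
        if peer is None:
            problems.append(f"{t.name}: no matching tunnel on the remote router")
            continue
        if t.inbound_spi != peer.outbound_spi:
            problems.append(f"{t.name}: local inbound SPI != remote outbound SPI")
        if t.outbound_spi != peer.inbound_spi:
            problems.append(f"{t.name}: local outbound SPI != remote inbound SPI")
        if t.encryption != peer.encryption:
            problems.append(f"{t.name}: encryption type differs")
    return problems


# Constructed sample settings for two routers (not taken from the guide).
HQ_IKE = {"phase1": Proposal("3DES", "SHA1", 1536),
          "phase2": Proposal("3DES", "SHA1", 1536)}
BRANCH_IKE = {"phase1": Proposal("3DES", "MD5", 768),
              "phase2": Proposal("3DES", "SHA1", 1536)}
HQ_MANUAL = [ManualTunnel("branch", 1000, 2000)]
BRANCH_MANUAL = [ManualTunnel("branch", 1000, 2000)]   # SPIs not swapped

if __name__ == "__main__":
    for line in check_ike_pair(HQ_IKE, BRANCH_IKE):
        print("IKE:", line)
    for line in check_manual_keying(HQ_MANUAL, BRANCH_MANUAL):
        print("manual:", line)
```

An empty list from either function means the two sides satisfy every rule the tables state; each string names the setting to correct before the tunnel is saved.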
6.2 PPTP
Click VPN > PPTP to open the PPTP page (Figure 6-5). Perform the following steps:
1. Enter the user name.
2. Enter the password.
3. Enter the IP Address.
4. Click Add to add the configuration.
5. Click Save Changes to save the configuration data.

Figure 6-5 VPN > PPTP VPN User page

7 Managing Storage, Samba, and File Editing in NAS
This section explains managing storage and other related items in Network-Attached Storage (NAS): Disk, RAID (Redundant Array of Independent Disks), Samba, File Editor.
Figure 7-1. NAS

7.1 Disk Management
Click Disk. Figure 7-2 depicts the NAS > Disk Management window.

Figure 7-2. Disk Management

To add a new disk, click New. Figure 7-3 depicts the NAS > Disk Management > New window. Type in fields or select from drop-down lists as appropriate.

Figure 7-3. Add New Disk

The Action Command drop-down list includes the following possible actions besides No Action: Format, Mount, and Umount.

7.2 Format Disk
CAUTION
If you select Format, all data on the disk will be lost.
2. From the Action Command drop-down list, select Format.

Figure 7-4. Format Disk

7.2.1 Mount Disk
Perform the following steps, as depicted in Figure 7-5.
1. In the Mount point field, type the address you want to mount. For example, /home.
2. From the Action Command drop-down list, select Mount.

Figure 7-5. Mount Disk

7.2.2 Unmount Disk
Perform the following steps, as depicted in Figure 7-6.
1. In the Mount point field, type the address where your disk is mounted.
2.
Figure 7-6. Unmount Disk

7.3 RAID Management
Click RAID. Figure 7-7 depicts the NAS > RAID Management window.

Figure 7-7. RAID Management

To add a new disk, click New. Figure 7-8 depicts the NAS > RAID Management > New window. Type in fields or select from drop-down lists as appropriate. Table 7-1 below explains each of the options present in the RAID Management window in detail.

Table 7-1 RAID Management
Option      Description
Raid Name   Enter the RAID name.
File system      These are all the file systems (FS) supported. “Other” represents other file systems.
Mount point      This is the mount point of this RAID device.
Action Command   Caution: If you choose Create/Format, then all data is deleted from the disk.

Figure 7-8. Add New RAID

NOTE
Before using RAID management, make sure that you have selected RAID in the File system drop-down list (Figure 7-9).

Figure 7-9. RAID File System Selection

7.3.1 Create RAID0
This procedure creates the software RAID0.
1. In the Raid Name text box, type the name.
2. From the Raid type drop-down list, select RAID 0.
3. Click Add Member. (You must have two disks on the 8377.)
4. From the Action Command drop-down list, select Create.

Figure 7-10. Create RAID0

7.3.2 Create RAID1
This procedure creates the software RAID1. Perform the following steps, as depicted in Figure 7-11:
1. In the Raid Name text box, type the name.
2. From the Raid type drop-down list, select RAID 1.
3. Click Add Member.

Figure 7-11. Create RAID1

7.3.3 Format RAID
After creating software RAID0/1, format the RAID to one file system of your choosing. Perform the following steps as depicted in Figure 7-12:
1. From the Raid devices drop-down list, select the device.
2. From the Action Command drop-down list, select Format.

Figure 7-12.
7.3.4 Recovery
If one disk is out of service and a new disk is added, or if for any other reason the state of the RAID is abnormal, you can choose this command to recover the RAID. Perform the following steps as depicted in Figure 7-13:
1. From the Raid devices drop-down list, select the device.
2. From the Action Command drop-down list, select Recover.

Figure 7-13. RAID Recovery

7.3.5 Mount
To mount the RAID to one folder, such as /home, perform the following steps as shown in Figure 7-14:
1.
Figure 7-14. Mount RAID

7.3.6 Unmount
To unmount RAID, perform the following steps as shown in Figure 7-15:
1. In the Mount point field, type the address where your disk is mounted.
2. From the Action Command drop-down list, select Umount.

Figure 7-15. Unmount RAID

7.3.7 Stop
Make sure your disk is not in operation and is already unmounted before you stop RAID management. Perform the following steps as depicted in Figure 7-16.
1. From the Action Command drop-down list, select Stop.
Figure 7-16 Stop

7.4 Samba Management
Samba is free, open source software that allows a UNIX server to act as a file server to Windows clients. It runs under Linux, FreeBSD, and other UNIX variants. Click Samba. Figure 7-17 depicts the NAS > Samba Management window.

Figure 7-17. Samba Management, Shares No. 1 Section Shown

NOTE
You can access all the shares by using the Samba service. You can edit, remove, or add one share.

7.5 File Editor
The file editor makes it possible to browse and operate on files through the web (HTTP/HTTPS). Click File Editor. Figure 7-18 depicts the NAS > File Editor window.
Figure 7-18. File Editor

8 Intrusion Detection Systems
This section explains detection of electronic intrusion attempts. Click IDS (Figure 8-1), then proceed with the respective sections.

Figure 8-1. IDS

8.1 IDS (Intrusion Detection Systems)
Click IDS. Figure 8-2 depicts the IDS > Intrusion Detection Systems window.
Figure 8-2. IDS, Snort

8.1.1 Snort
Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior through protocol analysis, content searching, and various pre-processors. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Perform the following steps as shown in Figure 8-2:
1. In the Snort section, at the Snort option, click Enable to turn on the IDS function.
2.
Figure 8-3. Alert

8.3 Packets (Download Alert Packets)
Click Packets. When an intrusion occurs, you can save the packet from the EWLAN to your PC by clicking Download (Figure 8-4). To download an alert packet, follow the steps given below:
1. Enter the file name in the Name this packet text box. For example, “xx.cap”.
2. Click Download and save the file to the local PC.
Figure 8-4. IDS Alert Packets

9 Intrusion Prevention Systems
This section explains configuring the unit to detect electronic intrusion attempts. IPS is an advanced technology to protect your network from malicious attacks. IPS works together with your SPI Firewall, IP Based Access List (IP ACL), Network Address Port Translation (NAPT), and Virtual Private Network (VPN) to achieve the highest level of security. IPS works by providing real-time detection and prevention as an in-line module in a router.
9.1 Configuration (IPS Configuration)
Click Configuration. Figure 9-2 shows IPS Configuration.

Figure 9-2. IPS Configuration

9.1.1 IPS Configuration
The wireless router supports an advanced Intrusion Prevention System (IPS), which is an integral part of the self-defending strategy. It allows you to stay current on the latest threats to identify, classify, and stop malicious and damaging traffic in real time. Perform the following steps as depicted in Figure 9-2.
1. Enable/disable IPS Function.
2.
Figure 9-3. IPS P2P/IM

Table 9-1 explains each option given in the IPS > P2P/IM page.

Table 9-1 IPS > P2P/IM Options
Option / Description
IPS P2P/IM
Allow access to web interface (HTTPS) from the Internet
    You can block or unblock access to web interface (HTTPS) from the Internet.
Allow shell access (SSH) from the Internet
    You can block or unblock shell access (SSH) from the Internet.
Allow access to external DNS servers
    You can block or unblock access to external DNS servers.
Figure 9-4. IPS Information

10 Logout
Click Logout to log out from the web page (Figure 10-1).

Figure 10-1. IPS Information

NOTE
You must close the web browser to log out. It is not possible to log out automatically until you close the web browser. Your web browser caches the basic httpd authentication. Therefore, you must close the web browser. With Firefox, clear private data to force it to forget the credentials you have supplied.